3 Critical Issues Facing ACUC Attendees

The NCUA's proposed risk-based capital rule, interest rate risk and cybersecurity were expected to be heavily discussed topics among conference attendees in San Francisco. Here's a rundown on those broad topics.

Risk-based capital: As the agency prepares changes to the proposed RBC rule, credit unions are attempting to find the best ways to cope with new capital requirements.

The comment period for the proposal ended May 28. More than 2,000 comment letters were submitted.

NCUA Board Chairman Debbie Matz told CU Times more than a few risk weights in the proposal will likely be changed in the final rule. Board Member Rick Metsger said he supports a longer phase-in period. However, no specific modifications have been set in stone. NCUA leaders said they are eager to hear feedback from stakeholders at the agency's listening sessions this summer.

“It's an opportunity for us to learn from the credit unions and for them to hear what we’re about and why we’re making the decisions we’re making. At the end of the day, hopefully we can come back with some suggestions about how to improve our rules, our procedures and how to help credit unions do their business in a more efficient way,” Matz said.

“That's what's happened in the past and hopefully that will be the outcome at the end of the day when all our listening sessions are completed,” she added.

“They’re certainly willing to listen. Rather than focusing on what we think is wrong about the proposal, we really focused on how we think it can be fixed and improved,” Dunn said of the agency.

“We didn't get into any specifics with them about what aspects would be changed, but we came back feeling quite positive that we were able to fully get on the table a lot of our concerns with some explanation and that they are seriously considering a number of changes,” Hampel said.

What happens next: Matz said the agency would respond to the comments it has received. “We won't make every change that's been suggested but certainly we will be making a lot of changes to this rule,” she said.

Interest rate risk: The NCUA has urged more action from credit unions to address interest rate risk. According to the trade associations, credit unions are ready for potential rate increases.

Hampel told CU Times the agency has warned for three years that credit unions are not sufficiently preparing themselves for the imminent rise of interest rates.

“The three years have passed and nothing has happened. Of course that means we’re three years closer to when interest rates rise,” the CUNA interim CEO said.

“This is a judgment call and from what we hear from credit unions, the way this issue is being dealt with in examinations suggests that the agency might be applying an overly simplistic approach to interest rate risk, the result of which is they may be overstating the effect,” Hampel said.

NAFCU holds a similar view on the matter.

“Credit unions are safe-and-sound institutions and have successfully weathered the recent financial crisis because of their prudent business model, and they have been widely lauded for it. An integral part of that business model is managing interest rate risk and strict adherence to regulatory requirements,” NAFCU President/CEO Dan Berger said.

Matz said the NCUA is worried about credit unions’ investments in long-term assets.

“We are concerned that 35% of their investments are in long term assets – that's a historic high. We’re very concerned about that because when long term rates go up, those investments are going to be at low rates and it's going to be hard for the credit unions to have liquidity when that happens,” the NCUA chairman said. “We’re concerned because the spread between unrealized gains and unrealized losses is now $5 billion, which is historically high.”

Matz said the agency's aggregate indicators also have caused concern.

“Within that, there are credit unions that are just fine but there are credit unions that are causing us to be concerned about the industry as a whole because if those credit unions should fail, it's a cost that will be borne by all credit unions,” she said.

“If we see aggregate numbers that are starting to be of concern to us, we start talking about it and making policy even though it doesn't affect every single credit union. So, I know there are credit unions that are doing just fine, but in the aggregate, we have reason to be concerned about the interest rate risk on the books of credit unions,” she added.

What happens next: To address interest rate risk, Matz encouraged every credit union to take a look at its balance sheet and determine the point when it would fail. “We recommend stressing at 300 basis points but they can go higher than that,” she said. “They need to know at what point their credit union would fail and make appropriate policies based on that.”

Meanwhile, a key deadline for the major card brands and liability approaches, and federal regulators are promising greater scrutiny of cyber security in general during examinations.

A new study from the PULSE ATM network found that credit unions experienced larger losses than other institutions as a result of the Target breach. Overall, credit unions saw the percentage of their cards affected by fraud rise from 3% in 2012 to 16% in 2013, with 14% coming from the Target breach at year's end.

According to The 2014 Debit Issuer Study, while large banks saw 7% of the debit card base affected by fraud in 2012, that number climbed to 14% in 2013, with 10% coming from Target's breach, the report found. Small banks saw their percentage of their debit card base impacted by fraud climb from 5% in 2012 to 12% in 2013 with 9% coming from the Target theft.

CUNA and the Consumer Bankers Association said they had found the cost of card replacement alone from the Target breach has exceeded $200 million.

Meanwhile, PULSE reported, not all credit unions plan to issue credit cards embedded with EMV chips, the international standard that major card brands are trying to get adopted, with the help of major processors like PSCU and CO-OP in the credit union space.

Fully 17% of credit unions surveyed by researchers for PULSE said they do not plan to issue debit cards with an embedded EMV chip. This means these credit unions risk taking all the liability for card fraud from their non-EMV enabled cards after the industry goes through its planned October 2015 liability shift. The survey found that 14% of all debit card issuers said they would not issue debit cards with the embedded chip, with 22% of community banks saying they would not do so and 4% of large banks.

And on the regulator front, the FFIEC, which includes the NCUA, has begun a pilot program at more than 500 community institutions, to be conducted by state and federal regulators, which will be completed during regularly scheduled examinations.

“Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience,” said the FFIEC announcement issued last week by the NCUA and other financial services regulators.

What happens next: Many credit unions are banking on Visa and MasterCard extending the liability shift, and have adopted a wait-and-see attitude. Meanwhile, credit unions operate under increasing scrutiny from regulators who have underlined cybersecurity measures on their exam checklists.